Total
261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20677 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-10-08 | N/A | 7.8 HIGH |
| A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer. 3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time. This change is effective as of the January 9, 2024 security update. | |||||
| CVE-2024-38016 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-09-24 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2024-43463 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-09-17 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2024-43465 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-09-13 | N/A | 7.8 HIGH |
| Microsoft Excel Elevation of Privilege Vulnerability | |||||
| CVE-2024-38173 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-08-16 | N/A | 6.7 MEDIUM |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2024-38172 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2024-08-16 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2024-38171 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-08-16 | N/A | 7.8 HIGH |
| Microsoft PowerPoint Remote Code Execution Vulnerability | |||||
| CVE-2024-38170 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2024-08-16 | N/A | 7.1 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2024-38169 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-08-16 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2024-38189 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-08-16 | N/A | 8.8 HIGH |
| Microsoft Project Remote Code Execution Vulnerability | |||||
| CVE-2023-23397 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-08-14 | N/A | 9.8 CRITICAL |
| Microsoft Outlook Elevation of Privilege Vulnerability | |||||
| CVE-2023-35311 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-08-14 | N/A | 7.5 HIGH |
| Microsoft Outlook Security Feature Bypass Vulnerability | |||||
| CVE-2024-38200 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-08-13 | N/A | 6.5 MEDIUM |
| Microsoft Office Spoofing Vulnerability | |||||
| CVE-2021-42292 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2024-07-24 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Security Feature Bypass Vulnerability | |||||
| CVE-2021-38646 | 1 Microsoft | 2 365 Apps, Office | 2024-07-16 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | |||||
| CVE-2024-38020 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-07-11 | N/A | 6.5 MEDIUM |
| Microsoft Outlook Spoofing Vulnerability | |||||
| CVE-2024-38021 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-07-11 | N/A | 8.8 HIGH |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2020-1493 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2024-07-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links. | |||||
| CVE-2023-36761 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-06-21 | N/A | 6.5 MEDIUM |
| Microsoft Word Information Disclosure Vulnerability | |||||
| CVE-2024-30104 | 1 Microsoft | 2 365 Apps, Office | 2024-06-20 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||